Google Hacking Tied to China, But Not Conclusively

In the last week at least four major newspapers have each run stories about the hacking that led Google to threaten that it might stop censoring results in China (which it hasn’t, yet). All of the stories were based on anonymous sourcing from security researchers and intelligence officials, but they don’t exactly paint a cohesive picture of what happened. Here are the key (sometimes conflicting) details that have emerged:

New York Times, Feb. 18: The online attacks, which used malware sent through email attachments, were traced to Shanghai Jiaotong University and the Lanxiang Vocational School. The latter is closely tied to the Chinese military. Before this information came to light, the investigation had implicated servers in Taiwan.


Washington Post, Feb. 20: Investigators have narrowed the authorship of the exploit for an Internet Explorer 6 vulnerability down to six potential hackers, including contractors based at Chinese and U.S. tech companies in China. The code used in the attacks “was developed by a diverse group of Chinese hackers” and used Chinese servers.

Financial Times, Feb. 21: “A freelance security consultant in his 30s wrote the part of the program that used a previously unknown security hole in the Internet Explorer web browser to break into computers and insert the spyware.” Further, Chinese officials have privileged access to this researcher’s work, which he had also posted in part to a “hacking forum.”

Wall Street Journal, Feb. 22: A “prominent Asian hacking group,” with a tendency to “use the same type of attack code to pilfer data in every scheme it executes” is implicated. Investigators aren’t necessarily likely to pinpoint an individual, according to the report. The group is known to surgically attack a small set of machines rather than collecting massive amounts of data.

The Chinese government, meanwhile, has denied any involvement in the hacking attacks on Google and others, suggesting that Google is a pawn in U.S. diplomatic strategy and that the concept of “Internet freedom” that Google and the U.S. say they want to protect is a fallacy.

Companies like Goofle often don’t want to go public about this type of issue because:
1. it indicates that their G-Mail databases are not very secure (meaning: their programmers & DBAs do not know how to do their jobs).
2. Goofle is very keen to keep its brand on “religion” level.

However Goofle probably felt safe to go public about this particular case because:
A. popular opinion in the USA would support Goofle’s claims of a Bad China that does things like this.
B. Goofle could claim it was done by the Chinese MILITARY and not some script kiddies (thus making it possible that Goofle G-Mail is actually “secure”, they just had a very potent adversary).

Later of course Goofle came with the claim that this was Microsoft’s fault.

Bottom line is that the reason we heard about it in the news was because someone somewhere thought that it can be used for some-sort-of-PR or perhaps “testing the ice”.

Good work at researching the blurry flurry of ‘facts’ in the media on this.

I followed the story on Twitter as it rolled out. US ‘intelligence sources’ pointed to China on day 2, but no evidence was offered. No independent sources have commented except a short statement from Citizen Lab that they were surprised Google went public.

The myriad of conjectures in the articles you quote suggest a series of planted leaks throughout US media.